Copyright © 2014 Rockwell Automation, Inc. All Rights Reserved.
PUBLIC
PUBLIC - 5058-CO900G
L32 - Advanced EtherNet/IP Features in Converged Plant-wide Ethernet Systems
Agenda
Lab Agenda
Stratix™ Industrial Ethernet Switch Product Overview
EtherNet/IP Enabling Network Convergence
Advanced Features – Network Segmentation (VLANs and Connected Routing), Network Address Translation (NAT)
EtherNet/IP Technology
The same Ethernet technology…
as email, voice, video, the Internet, web pages
as the corporate network
known by IT professionals
on your home and office computers
Running Common Industrial Protocol (CIP):
The most widely used standard, application layer industrial protocol globally
Standardized through IEC, ISO, ODVA and others
Same technology as DeviceNet and ControlNet
Rockwell Automation® and Cisco as well as other major vendors like Schneider, Omron, Bosch Rexroth & 300+
Standard application-layer protocol
CIP: Common Industrial Protocol (Automation)
SMTP (Mail)
FTP (Files)
HTTP (Web)
VoIP (Voice)
One Standard Network Technology
Trend – Technology Convergence
Convergence of Industrial Automation Technology (IAT)
with Information Technology (IT)
The Stratix™ Portfolio: Integrating Industrial and Enterprise Environments
Products that offer:
  Layer 2 and Layer 3 switching for simple to complex networks applications
  Advanced security services
  Plant-floor and Enterprise integration
  “On-Machine™” Connectivity
  Wireless integration in hard-to-wire and remote areas
Technology that offers:
  Advanced switching, routing and security features
  Common tools for Controls & IT
  Improved Maintainability
  Flexible design
  Customization based on your plant’s needs
Addressing the needs of Automation… as well as Operations and IT
Stratix™ 8000/8300 - Layer 2, Layer 3
Stratix 5900™ - Services Router
Stratix 2000™ - Unmanaged
Stratix™ 5100 - Wireless Access Point/Workgroup Bridge
Stratix 5700™ - Layer 2
Stratix 6000™ - Layer 2
Stratix™ ETAPs
ArmorStratix™ 5700
The Stratix™ Engine
Cisco IOS Software is the most widely
leveraged network infrastructure software
in the world
Currently operating on millions
of active systems, ranging from
the small home office router to the core
systems of the world's largest service
provider networks
Cisco's leadership in switching, routing and security now in Rockwell Automation® industrial Ethernet products and solutions
Stratix 8000™ and Stratix 8300™: Layer 2 & Layer 3 Modular Managed Switches
Configurable up to 26 ports
  Base unit - 6 or 10 port
  Expansion Modules - Copper, Fiber, SFP & PoE
SFP for multi and single mode fiber
  Wide variety of SFPs available
Power over Ethernet (PoE)
  8 ports PoE & PoE+ (port configurable)
CompactFlash card
  Stores configuration and IOS for easy device replacement
Advanced feature set to address:
  EtherNet/IP applications
  Security
  Resiliency & Redundancy
Operating Temp: -40ºC to 60ºC
Ideal for connecting into a higher level of the network infrastructure architecture
Data Ports: 10/100 Copper
Dual Purpose Uplink Ports: 10/100/1000 Copper or SFP
SFP Fiber Transceiver: 100M and 1G, Multi mode and Single mode
Copper, fiber, SFP & PoE Expansion Modules
Stratix 5700™: Layer 2 Managed Fixed Port
3 base platforms offering 23 configurations
  6, 10 and 20 port base units
  2 Gig port option
SFP slots support multi and single mode fiber
  Wide variety of SFPs available
SecureDigital flash card (optional)
  Stores configuration and IOS of switch
Power over Ethernet (PoE)
  4 ports PoE & PoE+ (port configurable)
Two software packages
  Lite & Full software versions
Advanced feature set
  Same feature set as the Stratix 8000™
  Integrated NAT functionality
  Connected & static routing
Ideal for connecting machines into the plant networks – converged networks
*Combo ports can be either copper or SFP
SD card for back up
Network Segmentation: VLANs and Connected Routing
Segmentation through smaller modular building blocks enables:
Minimization of network sprawl
Scalable, robust and future-ready network infrastructure with smaller fault domains, smaller broadcast domains, and smaller domains of trust (security)
Techniques to create smaller network building blocks (Layer 2 domains)
Structure and hierarchy
Logical model – geographical and functional organization of IACS devices
Campus network model - multi-tier switch model – Layer 2 and Layer 3
Logical framework
Segmentation
Multiple network interface cards (NICs) – for example CIP bridge
Network Address Translation (NAT) appliance
Virtual Local Area Networks (VLANs)
VLANs with NAT
Integrated Services Router
Structure and Hierarchy: Logical Framework – Converged Plantwide Ethernet (CPwE)
The Cell/Area zone is a Layer 2 network for a functional area (plant-wide or site-wide). Key network
considerations include:
Structure and hierarchy using smaller Layer 2 building blocks
Logical segmentation for traffic management and policy enforcement (for example QoS, Security) to
accommodate time-sensitive applications
[Figure: CPwE Cell/Area zones, Levels 0–2. Labels: Cell/Area Zone #1 - Redundant Star Topology, Flex Links Resiliency; Cell/Area Zone #2 - Ring Topology, Resilient Ethernet Protocol (REP); Cell/Area Zone #3 - Bus/Star Topology; Rockwell Automation® Stratix™ 5700/8000 Layer 2 Access Switch; Catalyst 3750 StackWise Switch Stack; Layer 3 Distribution Switch; Layer 2 Building Block; Layer 3 Building Block; Media & Connectors. Devices shown: Phone, Controller, Safety Controller, Camera, Safety I/O, Instrumentation, HMI, MCC, Soft Starter, Servo Drive, Level 2 HMI, Level 1 Controller, Level 0 Drive, I/O.]
Network Address Translation (NAT): What is NAT?
Current Rockwell Automation® products support 1:1 NAT
NAT is a service that allows the translation of a packet from one IP address to another
Functionality includes Layer 2 and Layer 3 implementation in multiple forms:
  NAT One to Many (1:n) – also known as Port Address Translation and allows multiple devices to share one “public” IP address
    Most common in consumer routers (in your home)
  NAT One to One (1:1) – allows the assignment of a unique “public” IP address to an existing “private” IP address (end device)
    The end device can communicate on both “public” and “private” networks by using an “alias” of the IP address physically programmed on the end device
Layer 2 vs. Layer 3 NAT
Layer 3
  Typically a software implementation
  NAT device acts as the default gateway (router) for the devices on the inside network
  NAT device will intercept traffic, perform translation, and route traffic
  Translations are handled by the NAT CPU
  Performance of translation is directly tied to the loading of the NAT CPU
Layer 2*
  Hardware-based implementation
  NAT device does not act as a router and uses two translation tables – inside to outside and outside to inside
  Performance is at wire speed throughout switch loading
  Supports multiple VLANs through NAT boundary enhancing segmentation flexibility (communication between VLANs requires a separate Layer 3 device)
*Layer 2 NAT is available only in the Stratix 5700™
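NAT Device Selection Guide
[Table: the device and column labels are not recoverable from the slide. Values listed: 128*, 128, N/A, 32; rates listed: 60 Mbps, 40 Mbps, 10 Mbps, 20 Mbps.]
* 128 individual NAT entries per NAT table. An entry can be an entire subnet.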
Lab Agenda
This hands-on lab will cover a variety of techniques, best practices,
software and products using EtherNet/IP. A prior understanding of general
Ethernet concepts, including switching and routing is recommended
This lab will demonstrate Network Address Translation (NAT) in Layer 2
and Layer 3 architectures, VLAN segmentation, and Connected Routing
Lab 1 will walk you through the steps of setting up NAT for a Layer 2
Architecture
Lab 2 will walk you through the steps of VLAN assignment and
network segmentation, Connected Routing, and NAT in a Layer 3
Architecture
Device Manager will be used to complete all configurations
ENET21 Demo Box
Lab Architecture
Lab 1 - Layer 2 Architecture
How NAT Works: Layer 2 Only
Inside Subnet 192.168.1.0/24, VLAN 10 - Inside Device: IP 192.168.1.3
Outside Subnet 10.10.10.0/24, VLAN 10 - Outside Device: IP 10.10.10.20
Switches: Stratix™ 5700 w/NAT, Stratix™ 8000 (Layer 2)
Inside to Outside table
  Inside Address   Outside Address
  192.168.1.3      10.10.10.3
Outside to Inside table
  Outside Address  Inside Address
  10.10.10.20      192.168.1.20
Packet from the inside device: Src IP 192.168.1.3, Dst IP 192.168.1.20
  on the outside of the NAT: Src IP 10.10.10.3, Dst IP 10.10.10.20
Reply from the outside device: Src IP 10.10.10.20, Dst IP 10.10.10.3
  on the inside of the NAT: Src IP 192.168.1.20, Dst IP 192.168.1.3
Lab 2 - Layer 3 Architecture
VLAN Segmentation
Connected Routing
NAT
How NAT Works: Layer 3 Architecture
Inside Subnet 192.168.1.0/24, VLAN 10 - Inside Device: IP 192.168.1.3, GW 192.168.1.1
Outside Subnet 10.10.20.0/24, VLAN 20 - Outside Device: IP 10.10.20.20, GW 10.10.20.1
Switches: Stratix 5700 w/NAT, Stratix 8000 (Layer 3)
Inside to Outside table
  Inside Address   Outside Address
  192.168.1.3      10.10.10.3
Packet from the inside device: Src IP 192.168.1.3, Dst IP 10.10.20.20
  on the outside of the NAT: Src IP 10.10.10.3, Dst IP 10.10.20.20
Reply from the outside device: Src IP 10.10.20.20, Dst IP 10.10.10.3
  on the inside of the NAT: Src IP 10.10.20.20, Dst IP 192.168.1.3
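Added example (not part of the original slides and not Rockwell Automation or Cisco code): a Python model of the translation tables from the Layer 2 and Layer 3 "How NAT Works" slides, reproducing the address rewrites shown there. The class and function names are hypothetical, pass-through of addresses that have no table entry is an assumption, and the subnet entries go beyond the slides' host entries (the selection guide notes that an entry can be an entire subnet).

```python
"""1:1 NAT modelled with the slides' two translation tables (added example)."""
from ipaddress import ip_address, ip_network


def _translate(addr, table, reverse=False):
    """Map addr through 1:1 entries; a host entry is a /32, a subnet entry keeps the host offset."""
    ip = ip_address(addr)
    for left, right in table:
        match, target = (right, left) if reverse else (left, right)
        match, target = ip_network(match), ip_network(target)
        if match.prefixlen != target.prefixlen:
            raise ValueError(f"entry {left} <-> {right} is not 1:1")
        if ip in match:
            return str(target.network_address + (int(ip) - int(match.network_address)))
    return addr  # assumption: addresses with no entry pass through unchanged


class OneToOneNat:
    """inside_to_outside: (inside address, outside address) pairs.
    outside_to_inside: (outside address, inside address) pairs; empty in the Layer 3 case."""

    def __init__(self, inside_to_outside, outside_to_inside=()):
        self.i2o = list(inside_to_outside)
        self.o2i = list(outside_to_inside)

    def egress(self, src, dst):
        """Rewrite a packet crossing the NAT boundary from inside to outside."""
        return _translate(src, self.i2o), _translate(dst, self.o2i, reverse=True)

    def ingress(self, src, dst):
        """Rewrite a packet crossing the NAT boundary from outside to inside."""
        return _translate(src, self.o2i), _translate(dst, self.i2o, reverse=True)


# Lab 1 (Layer 2): both tables populated, values taken from the slide.
LAYER2 = OneToOneNat([("192.168.1.3", "10.10.10.3")], [("10.10.10.20", "192.168.1.20")])
# Lab 2 (Layer 3): only the inside-to-outside table; the outside device is reached via the gateway.
LAYER3 = OneToOneNat([("192.168.1.3", "10.10.10.3")])

if __name__ == "__main__":
    print("L2 out:", LAYER2.egress("192.168.1.3", "192.168.1.20"))
    print("L2 in: ", LAYER2.ingress("10.10.10.20", "10.10.10.3"))
    print("L3 out:", LAYER3.egress("192.168.1.3", "10.10.20.20"))
    print("L3 in: ", LAYER3.ingress("10.10.20.20", "10.10.10.3"))
```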
Questions?